Cc: Robert P. J. Day <rpjday@mindspring.com>
Signed-off-by: Mike Frysinger <michael.frysinger@analog.com>
Signed-off-by: Bryan Wu <bryan.wu@analog.com>
However there are similar things in the EBIU_DDRQUE Register
Signed-off-by: Michael Hennerich <michael.hennerich@analog.com>
Signed-off-by: Bryan Wu <bryan.wu@analog.com>
we converted to using a system call for userspace spinlocks
rather than a dedicated exception long ago
Signed-off-by: Mike Frysinger <michael.frysinger@analog.com>
Signed-off-by: Bryan Wu <bryan.wu@analog.com>
These changes will make NetLabel behave like labeled IPsec where there is an
access check for both labeled and unlabeled packets as well as providing the
ability to restrict domains to receiving only labeled packets when NetLabel
is in use. The changes to the policy are straight forward with the
following necessary to receive labeled traffic (with SECINITSID_NETMSG
defined as "netlabel_peer_t"):
allow mydom_t netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
The policy for unlabeled traffic would be:
allow mydom_t unlabeled_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
These policy changes, as well as more general NetLabel support, are included
in the SELinux Reference Policy SVN tree, r2352 or later. Users who enable
NetLabel support in the kernel are strongly encouraged to upgrade their
policy to avoid network problems.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Add a new security check on mmap operations to see if the user is attempting
to mmap to low area of the address space. The amount of space protected is
indicated by the new proc tunable /proc/sys/vm/mmap_min_addr and defaults to
0, preserving existing behavior.
This patch uses a new SELinux security class "memprotect." Policy already
contains a number of allow rules like a_t self:process * (unconfined_t being
one of them) which mean that putting this check in the process class (its
best current fit) would make it useless as all user processes, which we also
want to protect against, would be allowed. By taking the memprotect name of
the new class it will also make it possible for us to move some of the other
memory protect permissions out of 'process' and into the new class next time
we bump the policy version number (which I also think is a good future idea)
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
Inode numbers are unsigned long and so need to %lu as format string of printf.
Signed-off-by: Tobias Oed <tobias.oed@octant-fr.com>
Signed-off-by: James Morris <jmorris@namei.org>
In security_get_user_sids, move the transition permission checks
outside of the section holding the policy rdlock, and use the AVC to
perform the checks, calling cond_resched after each one. These
changes should allow preemption between the individual checks and
enable caching of the results. It may however increase the overall
time spent in the function in some cases, particularly in the cache
miss case.
The long term fix will be to take much of this logic to userspace by
exporting additional state via selinuxfs, and ultimately deprecating
and eliminating this interface from the kernel.
Tested-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
During the LSPP testing we found that it was possible for
policydb_destroy() to take 10+ seconds of kernel time to complete.
Basically all policydb_destroy() does is walk some (possibly long) lists
and free the memory it finds. Turning off slab debugging config options
made the problem go away since the actual functions which took most of
the time were (as seen by oprofile)
> 121202 23.9879 .check_poison_obj
> 78247 15.4864 .check_slabp
were caused by that. So I decided to also add some voluntary schedule
points in that code so config voluntary preempt would be enough to solve
the problem. Something similar was done in places like
shmem_free_pages() when we have to walk a list of memory and free it.
This was tested by the LSPP group on the hardware which could reproduce
the problem just loading a new policy and was found to not trigger the
softlock detector. It takes just as much processing time, but the
kernel doesn't spend all that time stuck doing one thing and never
scheduling.
Someday a better way to handle memory might make the time needed in this
function a lot less, but this fixes the current issue as it stands
today.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
The structure is as follows (relative to selinuxfs root):
/class/file/index
/class/file/perms/read
/class/file/perms/write
...
Each class is allocated 33 inodes, 1 for the class index and 32 for
permissions. Relative to SEL_CLASS_INO_OFFSET, the inode of the index file
DIV 33 is the class number. The inode of the permission file % 33 is the
index of the permission for that class.
Signed-off-by: Christopher J. PeBenito <cpebenito@tresys.com>
Signed-off-by: James Morris <jmorris@namei.org>
Specify the inode counter explicitly in sel_make_dir(), rather than always
using sel_last_ino.
Signed-off-by: Christopher J. PeBenito <cpebenito@tresys.com>
Signed-off-by: James Morris <jmorris@namei.org>
sel_remove_bools() will also be used by the object class discovery, rename
it for more general use.
Signed-off-by: Christopher J. PeBenito <cpebenito@tresys.com>
Signed-off-by: James Morris <jmorris@namei.org>
Add support to the SELinux security server for obtaining a list of classes,
and for obtaining a list of permissions for a specified class.
Signed-off-by: Christopher J. PeBenito <cpebenito@tresys.com>
Signed-off-by: James Morris <jmorris@namei.org>
This patch adds a missing NVRAM strapping for 5755 devices.
Signed-off-by: Matt Carlson <mcarlson@broadcom.com>
Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This patch adds automatic MDI crossover support when autonegotiation is
turned off. Automatic MDI crossover allows link to be established
without the use of a crossover cable.
Signed-off-by: Matt Carlson <mcarlson@broadcom.com>
Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
For most pre-5705 devices, multiple link interrupts were being generated
for a single physical link change. The source of the interrupts was
determined to be unnecessary toggling of the MAC link polarity bit.
This patch changes the way the link polarity bit gets configured. Where
possible, code that dynamically configures the bit in response to link
changes has been replaced by code that configures the bit once during
initialization time and then leaves the bit alone.
For correctness, this patch also limits the use of the bit to those
devices where it is defined, namely devices before the 5705. This patch
also corrects the link polarity configurations for 5700 devices when
paired against a bcm5411 phy.
Signed-off-by: Matt Carlson <mcarlson@broadcom.com>
Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Gagan Arneja <gaagaan@gmail.com> pointed out that tg3_reset_task()
could potentially race with another thread calling tg3_full_lock()
such as the ethtool_set_xxx() functions. This may trigger the
BUG_ON() in tg3_irq_quiesce() or cause the irq_sync flag to be out-
of-sync.
I think the easiest way to fix this is to get the tp->lock first
before setting the irq_sync flag. This is safe to do because the
tp->lock is never grabbed by the irq handler. This change will
guarantee that the irq_sync flag updates will be serialized. We also
have to change one spot to call tg3_netif_start() (which clears the
irq_sync flag) before releasing the tp->lock.
Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Switch from formatting messages in probe routine and copying with
kfifo, to using a small circular queue of information and formatting
on read. This avoids wraparound issues with kfifo, and saves one
copy.
Also make sure to state correct license, rather than copying off some
other driver I started with.
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Drivers need to validate the initial addresses in their netlink attribute
validation function or manually reject them if they can't support this.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
All drivers need to unregister their devices in the module unload function.
While doing so they must hold the rtnl and atomically unregister the
rtnl_link ops as well. This makes the rtnl_link_unregister function that
takes the rtnl itself completely useless.
Provide default newlink/dellink functions, make __rtnl_link_unregister and
rtnl_link_unregister unregister all devices with matching rtnl_link_ops and
change the existing users to take advantage of that.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
The VLAN MAC address handling is broken in multiple ways. When the address
differs when setting it, the real device is put in promiscous mode twice,
but never taken out again. Additionally it doesn't resync when the real
device's address is changed and needlessly puts it in promiscous mode when
the vlan device is still down.
Fix by moving address handling to vlan_dev_open/vlan_dev_stop and properly
deal with address changes in the device notifier. Also switch to
dev_unicast_add (which needs the exact same handling).
Since the set_mac_address handler is identical to the generic ethernet one
with these changes, kill it and use ether_setup().
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Keep netpoll/poll_napi from messing with the poll_list.
Only net_rx_action is allowed to manipulate the list.
Signed-off-by: Olaf Kirch <olaf.kirch@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Well, first of all, I don't want to change so many files either.
What I do:
Adding a new parameter "struct bin_attribute *" in the
.read/.write methods for the sysfs binary attributes.
In fact, only the four lines change in fs/sysfs/bin.c and
include/linux/sysfs.h do the real work.
But I have to update all the files that use binary attributes
to make them compatible with the new .read and .write methods.
I'm not sure if I missed any. :(
Why I do this:
For a sysfs attribute, we can get a pointer pointing to the
struct attribute in the .show/.store method,
while we can't do this for the binary attributes.
I don't know why this is different, but this does make it not
so handy to use the binary attributes as the regular ones.
So I think this patch is reasonable. :)
Who benefits from it:
The patch that exposes ACPI tables in sysfs
requires such an improvement.
All the table binary attributes share the same .read method.
Parameter "struct bin_attribute *" is used to get
the table signature and instance number which are used to
distinguish different ACPI table binary attributes.
Without this parameter, we need to offer different .read methods
for different ACPI table binary attributes.
This is impossible as there are various ACPI tables on different
platforms, and we don't know what they are until they are loaded.
Signed-off-by: Zhang Rui <rui.zhang@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch makes dentries and inodes for sysfs directories
reclaimable.
* sysfs_notify() is modified to walk sysfs_dirent tree instead of
dentry tree.
* sysfs_update_file() and sysfs_chmod_file() use sysfs_get_dentry() to
grab the victim dentry.
* sysfs_rename_dir() and sysfs_move_dir() grab all dentries using
sysfs_get_dentry() on startup.
* Dentries for all shadowed directories are pinned in memory to serve
as lookup start point.
Signed-off-by: Tejun Heo <htejun@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Some sysfs operations require dentry and inode. sysfs_get_dentry()
looks up and gets dentry for the specified sysfs_dirent. It finds the
first ancestor with dentry attached and starts looking up dentries
from there.
Looking up from the nearest ancestor is necessary to support shadowed
directories because we can't reliably lookup dentry for one of the
shadows. Dentries for each shadow will be pinned in memory such that
they can serve as the starting point for dentry lookup.
Signed-off-by: Tejun Heo <htejun@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
After add/remove path restructuring, the only user of
sysfs_drop_dentry() is sysfs_addrm_finish(). Move sysfs_drop_dentry()
to dir.c and make it static.
Signed-off-by: Tejun Heo <htejun@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
The original add/remove code had the following problems.
* parent's timestamps are updated on dentry instantiation. this is
incorrect with reclaimable files.
* updating parent's timestamps isn't synchronized.
* parent nlink update assumes the inode is accessible which won't be
true once directory dentries are made reclaimable.
This patch restructures add/remove paths to resolve the above
problems. Add/removal are done in the following steps.
1. sysfs_addrm_start() : acquire locks including sysfs_mutex and other
resources.
2-a. sysfs_add_one() : add new sd. linking the new sd into the
children list is caller's responsibility.
2-b. sysfs_remove_one() : remove a sd. unlinking the sd from the
children list is caller's responsibility.
3. sysfs_addrm_finish() : release all resources and clean up.
Steps 2-a and/or 2-b can be repeated multiple times.
Parent's inode is looked up during sysfs_addrm_start(). If available
(always at the moment), it's pinned and nlink is updated as sd's are
added and removed. Timestamps are updated during finish if any sd has
been added or removed. If parent's inode is not available during
start, sysfs_mutex ensures that parent inode is not created till
add/remove is complete.
All the complexity is contained inside the helper functions.
Especially, dentry/inode handling is properly hidden from the rest of
sysfs which now mostly operate on sysfs_dirents. As an added bonus,
codes which use these helpers to add and remove sysfs_dirents are now
more structured and simpler.
Signed-off-by: Tejun Heo <htejun@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
As kobj sysfs dentries and inodes are gonna be made reclaimable,
i_mutex can't be used to protect sysfs_dirent tree. Use sysfs_mutex
globally instead. As the whole tree is protected with sysfs_mutex,
there is no reason to keep sysfs_rename_sem. Drop it.
While at it, add docbook comments to functions which require
sysfs_mutex locking.
Signed-off-by: Tejun Heo <htejun@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Replace sysfs_lock and kobj_sysfs_assoc_lock with sysfs_assoc_lock.
sysfs_lock was originally to be used to protect sysfs_dirent tree but
mutex seems better choice, so there is no reason to keep sysfs_lock
separate. Merge the two spinlocks into one.
Signed-off-by: Tejun Heo <htejun@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
As kobj sysfs dentries and inodes are gonna be made reclaimable,
dentry can't be used as naming token for sysfs file/directory, replace
kobj->dentry with kobj->sd. The only external interface change is
shadow directory handling. All other changes are contained in kobj
and sysfs.
Signed-off-by: Tejun Heo <htejun@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Implement sysfs_find_dirent() and sysfs_get_dirent().
sysfs_dirent_exist() is replaced by sysfs_find_dirent(). These will
be used to make directory entries reclamiable.
Signed-off-by: Tejun Heo <htejun@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Implement SYSFS_FLAG_REMOVED flag which currently is used only to
improve sanity check in sysfs_deactivate(). The flag will be used to
make directory entries reclamiable.
Signed-off-by: Tejun Heo <htejun@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Rename sysfs_dirent->s_type to s_flags, pack type into lower eight
bits and reserve the rest for flags. sysfs_type() can used to access
the type. All existing sd->s_type accesses are converted to use
sysfs_type(). While at it, type test is changed to equality test
instead of bit-and test where appropriate.
Signed-off-by: Tejun Heo <htejun@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
sysfs_drop_dentry() used to go through sd->s_dentry and
sd->s_parent->s_dentry to access the inodes. This is incorrect
because inode can be cached without dentry.
This patch makes sysfs_drop_dentry() access inodes using ilookup() on
sd->s_ino. This is both correct and simpler.
Signed-off-by: Tejun Heo <htejun@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
